Method and system for checking digital signatures and card with microcircuit for using the method

ABSTRACT

To check a digital signature, using a microcircuit card, the microcircuit being designed to receive and to process requests to check digital signatures, the process comprises storing in a memory in the microcircuit a certificates table containing digest forms of authorized public keys, and a phase of checking a digital signature consisting of: receiving by the microcircuit the digital signature to be checked and a public key corresponding to a private key that was used to generate the digital signature to be checked; calculating a digest form of the received public key, searching for the calculated digest form of the public key in the certificates table, and decrypting the digital signature using the received public key if the calculated digest form of the public key is located in the certificates table.

BACKGROUND

This invention relates to a method and system for checking digitalsignatures and a smart card for using this method.

In particular, but not exclusively, it is applicable to authenticationof information and verification of digital signatures in order toauthorize specific processing. This processing consists particularly ofrecording rights in a card with an electronic microcircuit, for examplein electronic transport ticket, or electronic purse or reduction voucherdistribution applications.

Cards with electronic microcircuits, called smart cards, are usuallyused as a mobile computer support for a wide variety of applicationsmostly requiring a high degree of security, and particularly bankoperations, secure payments, access to buildings or secure areas andtelecommunications.

For example, when it is required to update sensitive data in a smartcard, such as a refill amount for an electronic purse application, thecard must be capable of checking the source of an update order that itreceives. This is done by associating the update order with a digitalsignature, in which the identity of the signatory is guaranteed by acertificate that is also associated with the update order.

A digital signature added to a message is usually obtained by applying ahashing function to the message to obtain a digest, and encrypting thisdigest using a private key known only to the signatory. Therefore, allthat is necessary to check a signature is to have the public keycorresponding to the private key used, and the hashing function, toapply the hashing function to the message, to decrypt the signatureusing the public key and to compare the result obtained using thehashing function with the result obtained by decryption. If these tworesults are identical, the signature is correct.

A public key certificate, for example conforming with the X509 or PKCS#6standard, is composed of a combination of a public key used by a person,identification information for this person and a definition of avalidity period, the combination of this information being madeimpossible to falsify by a digital signature added by a certificationauthority, this signature using a private key of the certificationauthority. All that is necessary to check this certificate is to havethe public key of the certification authority corresponding to theprivate key used, and to use this public key to check that the digitalsignature really is issued by the certification authority. It is thuspossible to make sure that a public key corresponds to the identity of adetermined person. However, this principle does not guarantee that theperson who is using the private key corresponding to the public key isactually the person identified in the certificate. Certificationauthorities usually do not guarantee this correspondence.

To guarantee such correspondence, it has been proposed to set up a chainor pyramid organization based on the “certificates chains” concept inwhich the digital signature of each person is certified by the signatureof an entity that was previously certified by another entity and so on,until reaching a reference authority located at the top of the pyramid.In such an organization, a signature is based on all certificates of allpublic keys in order to work upwards along the certification chain asfar as the reference authority. Therefore to check a signature, allcertificates have to be checked until reaching a certificate issued by aknown entity in the certification chain. It is also necessary that thepublic key of this known entity should be stored reliably and so that itcannot be falsified.

The techniques that have to be used to manage such an organization caneasily be installed in a PC type personal computer, particularly usingInternet browsing software that integrates all or some of thesefunctions with the SSL (Secure Sockets Layer) and HTTPS (HypertextTransfer Protocol integrating SSL) protocols. However, these techniquesare much more difficult to use in a smart card that has a significantlymore limited calculation power and storage capacity. Certificates chainsthat have to be processed are very long compared with the usualcharacteristics of smart cards. Thus, a certificate conforming with theX509 standard may be several kbits long, and if the certificates chainis long, the card must be able to process and memories more informationthan is possible based on its capacities.

In this respect, it is important to emphasize that the terminal to whichthe card is connected cannot execute such a processing, and the terminalmemory cannot be used for this processing, without affecting securitysince it would then be very easy to deceive the card, particularly byreplacing one public key by another.

It has already been proposed to introduce all public keys ofcertification authorities in the certification chain, into the memory ofthe smart card. However this solution requires large memory capacitiesconsidering that the public key frequently occupies more than one kbit.It is also necessary that these public keys should be stored in a securememory area to prevent risks of fraud consisting of introducing anunauthorized key into this list of public keys. At the moment,microcircuits installed in the smart cards do not have sufficient securememory capacity.

SUMMARY

The purpose of this invention is to eliminate these disadvantages byproposing a data and processing organization between a smart card and aterminal in order to minimize constraints applied to the card in termsof necessary quantity of memory and processing, without affecting thesecurity of the system in which they are used. This objective isachieved by providing a process for verification of a digital signature,involving a microcircuit that can be connected to a data processingsystem, the microcircuit being designed to receive requests to checkdigital signatures from the data processing system, and to process theserequests, a digital signature being generated using a private key onlyknown to a signatory entity and associated with a public key.

According to the invention, this process includes a step of storing in amemory in the microcircuit a certificates table containing a digest formof at least one public key, and a phase of checking a digital signaturecomprising steps consisting of:

-   -   receiving by the microcircuit the digital signature to be        checked and a public key in a pair of keys comprising a private        key used to generate the digital signature to be checked,    -   calculating a digest form of the received public key and        searching for the calculated digest form of the public key in        the certificates table, and    -   decrypting the digital signature using the received public key        if the calculated digest form of the public key is located in        the certificates table.

According to one particular feature of the invention, this processcomprises a phase of inserting a public key in the certificates table,comprising steps consisting of:

-   -   receiving by the microcircuit a certificate of the public key to        be inserted in the certificates table, and a public key from a        certification entity that generated the certificate, the        certificate comprising the public key to be added into the        certificates table and a digital signature of the certification        entity, generated using a private key belonging to a pair of        keys including the public key of the certification entity,    -   calculating by the microcircuit a digest form of the public key        received from the certification entity, and searching for the        calculated digest form of the public key in the certificates        table,    -   decrypting the digital signature using the public key received        from the certification entity if the calculated digest form of        the public key is located in the table,    -   extracting the public key to be inserted from the certificate if        the decrypted digital signature is correct,    -   calculating a digest of the public key extracted from the        certificate, and inserting the calculated digest in the        certificates table.

Advantageously, the phase of insertion in the certificates table of apublic key in the certificates table includes the insertion of a pointerto the digest of the public key of the certification entity that issuedthe certificate of the public key to be inserted, so as to define acertification tree in combination with the inserted digest of the publickey.

According to another feature of the invention, this process includes aphase of deleting a public key digest from the certificates tableconsisting of deleting the digest of a public key to be removed, fromthe certificates table, and deleting from the certificates table alldigests of public keys associated with a pointer indicating the publickey to be removed.

Preferably, each public key digest entered into the certificates tableis associated with a validity end date, and the phase of inserting apublic key into the certificates table also comprises steps consistingof reading a validity end date of the public key to be inserted in thereceived certificate, and entering the validity end date of the publickey to be inserted into the certificates table, together with the digestof the public key to be inserted, if it is earlier than the validity enddate of the public key of the certification entity read in thecertificates table.

Also preferably, each digest of a public key entered into thecertificates table is associated with a usage counter that isincremented every time that a digital signature is checked using thepublic key, and said process including deletion of a public key digestfrom the certificates table when the usage counter is zero and thenumber of empty locations in the certificates table is less than apredetermined threshold.

Also preferably, each public key digest entered into the certificatestable is associated with a usage counter that is incremented every timethat a digital signature is checked using the public key, on a lastusage date that is updated every time that the associated usage counteris incremented, and when the number of empty locations in thecertificates table is less than a predetermined threshold, said processalso includes a step to select a digest of a public key to be deleted asa function of the corresponding associated values of the usage counterand the last usage date.

Advantageously, the microcircuit uses a predefined hashing function tocalculate the digest forms of the public keys.

According to yet another particular feature of the invention, thisprocess comprises a phase of inserting a root public key in thecertificates table, this insertion phase being done by write processingcontrolled by a MAC calculated using a specific key in the microcircuitand only known to an entity having issued the microcircuit.

Advantageously, the digest of a public key memorized in the certificatestable is obtained by calculating a digest of the public key associatedwith other information such as the validity end date of the public key,identity information and serial numbers, this information beingtransmitted to the microcircuit every time that the signature is checkedusing the public key.

Advantageously, the digest of a public key memorized in the certificatestable is obtained by calculating a digest of the certificate received bythe microcircuit when the public key is inserted in the certificatestable, this certificate being transmitted to the microcircuit every timethat the signature is checked using the public key.

Preferably, the certificates table is stored in a secure memory area inthe microcircuit.

The invention also relates to a microcircuit card using the processdefined above.

The invention also relates to a system for checking a digital signatureincluding a microcircuit that can be connected to a data processingsystem, for implementation of the process defined above.

BRIEF DESCRIPTION OF THE DRAWINGS

A preferred embodiment of the invention will be described below as anon-limitative example with reference to the attached drawings amongwhich:

FIG. 1 diagrammatically shows a system in which the method according tothe invention can be used;

FIG. 2 shows a certificates tree;

FIG. 3 shows a certificates tree as it is memorized in a smart cardaccording to the invention;

FIGS. 4 to 6 represent the various procedures that will be executed by asmart card according to the invention, in the form of a flowchart;

FIG. 7 shows a variant of the certificates table represented in FIG. 3,according to the invention.

DETAILED DESCRIPTION

The system shown in FIG. 1 comprises a plurality of terminals 51connected to digital data transmission networks 50. These terminals aredesigned to supply different services that have to be protected againstfraud, such as refills of electronic purses, or assignment of a right(for example a transport ticket), or for a secure data exchange.

System users also have a personal card, of the type with amicroprocessor 53, more usually called a smart card, each terminal 51being provided with communication means 52 such as a smart card reader,to communicate with the microprocessor of the card 53.

Before a user can access a service as mentioned above, he must have asmart card 53 in which there will be a public key assigned to theservice, in the card memory. This public key will enable him to check orauthenticate signatures of different terminals using a certificationsystem.

FIG. 2 represents a public key certificates tree comprising severalcertification systems. This tree shows that the corresponding publickeys of entities A1 and A2 are certified by an entity A, and that thepublic keys of entity A and entity B are certified by an entity R calledthe “root” due to the fact that it is located at the root of the tree,by links between keys.

If it is required that a certificate, for example issued by entity A2and related to a public key of a person X, should be checked by a persononly knowing the certification authority R, then an entire certificateschain has to be transmitted to this person comprising a certificateissued by the certification authority R. If we denote a certificateissued by entity A dealing with the public key of an entity A1 as <A,A1>, then this certification chain is composed of the followingcertificates:

-   -   <A2, X><A, A2><R, A>

Each certificate is composed of the signature of the certificationauthority attached to the public key to be certified, and associatedwith identification information of the holder of the public key to becertified and the certification authority, and possibly with validitystart and end dates. Therefore, we have <R, A>=(Sig_(R)(A_(p), Identityof A, Validity start and end dates), Identity of R), where A_(p)represents the public key of entity A.

In the previous example, if it is required that a signature Sig_(X)(M)issued by the person X and dealing with a message M, can be checked by aperson who only knows the certification authority R, then thecertificates mentioned above have to be associated with the signature:

-   -   Sig_(X)(M)<A, 2, X><A, A2><R, A>

In this way, if the public key R_(p) is known, the certificate <R, A>provides the public key A_(p) of entity A. The certificate <A, A2>supplies the public key A2 _(p) of entity A2, and the certificate <A2,X> supplies the public key X_(p) used to check the signature Sig_(X)(M).

When it is required to check a signature and therefore to assure that apublic key is valid, this process involves transmission of a largequantity of information and a large amount of processing, theseconstraints being incompatible with the storage and processingcapacities of a smart card.

To solve this problem, this invention proposes to store a digest ofpublic keys of recognized certification authorities in the smart cardmemory rather than the public keys themselves, for example a digestobtained using a so-called hashing function, such as MD4 or 5 (MessageDigest), SHA (Secure Hash Algorithm) or HMAC (Hashed MessageAuthentication Code).

These digest keys are stored in the form of a certificates table 5, likethat shown in FIG. 3. In the certificates table shown in this Figure,each Hash(X_(p)) digest 6 of the public key is associated with avalidity end date 7 of the corresponding certificate, for exampledefined in the form <month number>/<year on 2 digits>, and a pointer 8to the line in the table corresponding to the public key on the upstreamside of the certification chain.

Thus, for example key A2 _(p), memorized in digest form on the fourthline of the table, is associated with a validity end date equal toDecember 2002 and is attached to line 2 in the table in whichinformation concerning the public key A_(p) is located. Therefore ingeneral, pointers appearing in the pointers column 8 in table 5 can beused to reconstitute the certification tree shown in FIG. 2.

Since the root key R_(p) of the certification tree is not attached toany other key, it is associated with a null pointer in the certificationtable.

Obviously, the certification table according to the invention cancontain several independent certification trees, and therefore severalroot keys.

Apart from the fact that it reduces the necessary memory resources, theinvention also simplifies management of this memory knowing that the keysize is variable (it is usually larger for root keys than for otherkeys) and that a hashing function provides a binary sequence with aconstant length regardless of the size of the binary sequence applied atthe function input.

According to the invention, this certificates table 5 is associated witha procedure for insertion of a new key certified by a key appearing inthe table, a procedure for deletion of a key from the table, and aprocedure for checking the signature that used a key in the table, theseprocedures being stored in the program memory of the smart card 53 andbeing executable by the card processing unit, under the control of theterminal 51 connected to the card.

A new key is inserted in the certificates table 5 using a procedure 1illustrated diagrammatically in FIG. 4.

In step 10, this procedure receives the certificate of the public key tobe inserted in the table 5, <R, B> in the example shown, associated withthe public key R_(p) of the certification authority that issued thecertificate. In the next step 11, this procedure calculates a digestHash(R_(p)) of the received public key R_(p) using a previously definedhashing function, and then searches 12 for this key digest, in thecertificates table. If this key digest Hash(R_(p)) does not exist in thecertificates table 5, this procedure returns 13 an error message inresponse. However, if it does exist, it checks 14 the certificate byattempting to decrypt it using the public key R_(p). If the certificateis not valid, in other words if it cannot be decrypted using the publickey R_(p) (step 15), this procedure 16 returns an error message inresponse. If it is valid, it extracts 17 the public key Bp to beinserted into the certificates table from the certificate <R, B>, andthen it calculates 18 a digest Hash(Bp) of this public key using thesame hashing function, and inserts 19 the digest of the public keyobtained in the certificates table. In step 19, the procedure alsoinserts the validity end date supplied by certificate <R, B> in table 5,and inserts the address or the line number in the table corresponding tothe public key R_(p) supplied with the certificate <R, B> as input tothe procedure, into column 8 of pointers of the certificates table, forexample this address or this line number having been memorized in step12.

During the step to insert the new key Bp in the table, it can be checkedin advance that the validity end date of the new key is earlier than thevalidity end date of the key R_(p) to which it is attached by thecertificate. This measure is intended to satisfy the principle that anauthority cannot assign rights wider than the rights that it possesses.If this date is later than the validity end date of the key to which itis attached, the oldest of these two dates can be entered into thetable. As a variant, for security reasons it may be decided not to enterthe new key in the table and to issue an error message to the terminal.

Therefore procedure 1 that has just been described can be used to inserta key into a table, the key being attached by a certificate to anotherkey for which the digest is already located in the certificates table 5.Therefore the entire security of the certification system used by thecertificates table and the procedure for inserting a new key in thetable is based on the procedure used to insert a root key in the table.This is why a root key must be inserted using a procedure providingsufficient protection. Consequently, for example, such a procedure mayinclude conventional write processing controlled by a MAC (MessageAuthentication Code) calculated using a key specific to the card andonly known to the issuer of the card.

FIG. 5 diagrammatically illustrates the procedure 2 for checking thesignature denoted Sig(A_(p),M) to indicate that it is attached to themessage M and was generated using a private key corresponding to thepublic key A_(p).

This procedure receives the signature to be checked as input to step 21,for example Sig(A1 _(p),M), and the public key A1 _(p) corresponding tothe private key that was used to generate the signature.

In step 22, this procedure calculates a Hash(A1 _(p)) digest of thereceived key A1 _(p), and in step 23 searches to see if this key digestis located in the certificates table 5. If it is not, the card cannotverify the signature and it returns 24 an error message. If it is, itverifies 25 the signature by attempting to decrypt the digest of messageM using the public key A1 _(p). In the following steps 26, 27, 28, itreturns a message giving the result of the verification.

FIG. 6 diagrammatically illustrates the procedure 3 for withdrawing akey from the certificates table 5. In step 31, this procedure receivesthe key B_(p) to be deleted, as input. In steps 32 and 33, thisprocedure calculates the Hash(B_(p)) digest of the key B_(p) andsearches for the digest of this key in table 5. If the key to be deletedis not found in the table, this procedure returns 34 an error message.If it is, it deletes all information appearing in the line found intable 5. In the next step 36, it searches to see if other keys have tobe removed from table 5 because they are attached to the deleted key, inother words if the table contains pointers indicating the deleted line.If other keys have to be deleted (step 37) from the table, thisprocedure goes on to step 38 to execute the procedure 3 from step 35 forevery key found. In this way, if key A is removed from the table, thenall keys attached to A are also automatically removed, in other words inFIG. 2, keys A1 and A2 and all keys attached to A1 and A2.

It should be noted that the card processing unit can call procedure 3regularly, for example when it receives the current date, to remove allexpired keys from table 5, in other words all keys that have a validityend date earlier than the current date.

Furthermore, at the end of the deletion processing, table 5 could bereorganized by offsetting all non-empty lines in the table towards thebeginning of the table so as to eliminate all empty lines between twonon-empty lines.

It should be noted that procedures 1, 2 and 3 that have just beendescribed can be executed in non-connected mode, in other words they donot require action by entities other than the smart card 53 and theterminal 51 to which it is connected, provided that the terminal has thecertificates, signatures and public keys required by these procedures.

The certificates table 5′ could also include an additional column 41designed to receive usage counters associated with each key in the table(FIG. 7).

Every time that the procedure 2 is executed to check a signature using akey in the table, the corresponding counter that was initialized to 0when the key was inserted in the table will be incremented by 1, and allcounters associated with keys on the upstream side, in other wordsbetween the key corresponding to the checked signature and the root keyin the certification chain, and belonging to the same certificationchain, will also be incremented by 1. For example, if procedure 2 iscalled to check a signature using key A1 _(p), then counters associatedwith the A1 _(p), A_(p) and R_(p) keys will be incremented.

This measure means that the limited memory of the smart card 53 can bemanaged more efficiently by providing information about the use of eachkey in the certification table so that keys that are never used can beremoved from the certification table. This removal may be triggered bythe terminal 51. In this case, the procedure 1 comprises a step to sendan “insufficient memory” message to the terminal when the number ofempty lines in table 5′ is less than a predefined number. Procedure 1could also trigger this removal by calling procedure 3 in step 19.

Furthermore, if all counters in table 5′ are not zero and if the tableis full, then the key associated with the lowest value of the countercould be deleted. If several keys in table 5′ satisfy this criterion,the key chosen to be removed from the table could be one of the keysfurthest from a root key.

The table may also contain an additional column 42 containing the updatedate of each counter or the last usage date of the key. In this way, acriterion about the usage number and a last usage date criterion couldbe combined, or either of these two criteria could be applied to selectthe keys to be removed from the certificates table 5′. Depending on theapplications, it may be possible to delete the key associated with theoldest last usage date from the table.

The certificates table according to the invention can memories otherinformation in digest form, such as identity, serial number, validityend date information, etc. In this case, this information must betransmitted to the card when procedures 1, 2 and 3 are called.

According to one variant of the invention, the table memorizes a digestof certificates issued by the certification authorities and forming thecertification tree, rather than a digest of public keys of certificationauthorities. These certificates then have to be transmitted to the cardwhen procedures 1, 2 and 3 are called.

1. A method for checking a digital signature, involving a microcircuitconnectable to a data processing system, the microcircuit being designedto receive requests to check digital signatures from the data processingsystem, and to process these requests, a digital signature beinggenerated using a private key only known to a signatory entity andassociated with a public key, said method comprising: a step of storinga certificates table containing a digest form of at least one public keyin a memory in the microcircuit, wherein the public key is inserted intothe certificates table by a step that comprises inserting, in thecertificates table, a pointer to the digest form of the public key ofthe certification entity that issued the certificate of the public key,so as to define a certification tree in combination with the inserteddigest form of the public key; and a phase of checking a digitalsignature comprising steps of: receiving by the microcircuit a digitalsignature to be checked and a public key in a pair of keys comprising aprivate key that was used to generate the digital signature to bechecked; calculating a digest form of the received public key; searchingfor the calculated digest form of the public key in the microcircuit'scertificates table, at a location at which the inserted pointer points;and decrypting the digital signature using the received public key ifthe calculated digest form of the public key is located in thecertificates table.
 2. The method according to claim 1, furthercomprising a phase of inserting a public key into the certificatestable, comprising steps of: receiving by the microcircuit a certificateof the public key to be inserted in the certificates table, and a publickey from a certification entity that generated the certificate, thecertificate comprising the public key to be added into the certificatestable and a digital signature of the certification entity, generatedusing a private key belonging to a pair of keys including the public keyof the certification entity, calculating by the microcircuit a digestform of the public key received from the certification entity, andsearching for the calculated digest form of the public key in thecertificates table, decrypting the digital signature using the publickey received from the certification entity if the calculated digest formof the public key is located in the table, extracting the public key tobe inserted from the certificate if the decrypted digital signature iscorrect, calculating a digest of the public key extracted from thecertificate, and inserting the calculated digest in the certificatestable.
 3. The method according to claim 2, further comprising a phase ofdeleting a digest of a public key from the certificates table,comprising steps of deleting from the certificates table the digest of apublic key to be removed, and deleting from the certificates table alldigests of public keys associated with a pointer indicating the publickey to be removed.
 4. The method according to claim 2, wherein eachpublic key digest entered into the certificates table is associated witha validity end date, the phase of inserting a public key into thecertificates table further comprising steps of reading in a receivedcertificate a validity end date of the public key to be inserted, andentering the validity end date of the public key to be inserted into thecertificates table, together with the digest of the public key to beinserted, if it is earlier than the validity end date of the public keyof the certification entity read in the certificates table.
 5. Themethod according to claim 2, wherein each digest of a public key enteredin the certificates table is associated with a usage counter that isincremented every time that a digital signature is checked using thepublic key, and said method comprising deletion of a public key digestfrom the certificates table when the usage counter is zero and thenumber of empty locations in the certificates table is less than apredetermined threshold.
 6. The method according to claim 2, whereineach public key digest entered into the certificates table is associatedwith a usage counter that is incremented every time that a digitalsignature is checked using the public key, and with a last usage datethat is updated every time that the associated usage counter isincremented, said method further comprising a step to select a digest ofa public key to be deleted as a function of the corresponding associatedvalues of the usage counter and the last usage date when the number ofempty locations in the certificates table is less than a predeterminedthreshold.
 7. The method according to claim 1, wherein the microcircuituses a predefined hashing function to calculate the digest forms of thepublic keys.
 8. The method according to claim 1, further comprising aphase of inserting a root public key in the certificates table, thisinsertion phase being done by a write processing controlled by a MACcalculated using a specific key in the microcircuit and only known to anentity having issued the microcircuit.
 9. The method according to claim1, wherein the digest of a public key memorized in the certificatestable is obtained by calculating a digest of the public key associatedwith other information such as the validity end date of the public key,identity information and serial numbers, this information beingtransmitted to the microcircuit every time that the signature is checkedusing the public key.
 10. The method according to claim 1, wherein thedigest of a public key memorized in the certificates table is obtainedby calculating a digest of the certificate received by the microcircuitwhen the public key is inserted in the certificates table, thiscertificate being transmitted to the microcircuit every time that thesignature is checked using the public key.
 11. The method according toclaim 1, wherein the certificates table is stored in a secure memoryarea in the microcircuit.
 12. A microcircuit being designed to receiverequests to check digital signatures from the data processing system,and to process these requests, a digital signature being generated usinga private key only known to a signatory entity and associated with apublic key, said microcircuit comprising: memory means for storing acertificates table containing a digest form of at least one public key,wherein the public key is insertable into the certificates table bymeans for inserting, in the certificates table, a pointer to the digestform of the public key of the certification entity that issued thecertificate of the public key, so as to define a certification tree incombination with the inserted digest form of the public key; means forreceiving a digital signature to be checked and a public key in a pairof keys comprising a private key that was used to generate the digitalsignature to be checked; means for calculating a digest firm of thereceived public key, and for searching for the calculated digest form ofthe public key in the certificates tables; and means for decrypting thedigital signature using the received public key if the calculated digestform of the public key is located in the certificates table.
 13. Themicrocircuit according to claim 12, further comprising: means forreceiving a certificate of the public key to be inserted in thecertificates table, and a public key from a certification entity thatgenerated the certificate, the certificate comprising the public key tobe added into the certificates table and a digital signature of thecertification entity, generated using a private key belonging to a pairof keys including the public key of the certification entity, means forcalculating a digest form of the public key received from thecertification entity, and for searching for the calculated digest formof the public key in the certificates table, means for decrypting thedigital signature using the public key received from the certificationentity if the calculated digest form of the public key is located in thetable, means for extracting the public key to be inserted from thecertificate if the decrypted digital signature is correct, means forcalculating a digest of the public key extracted from the certificate,and for inserting the calculated digest in the certificates table. 14.The microcircuit according to claim 13, further comprising means fordeleting from the certificates table a digest of a public key to beremoved, and means for deleting from the certificates table all digestsof public keys associated with a pointer indicating the public key to beremoved.
 15. The microcircuit according to claim 13, further comprising:means for reading in a received certificate a validity end date of apublic key to be inserted, and means for entering the validity end dateof the public key to be inserted into the certificates table, togetherwith the digest of the public key to be inserted, if the validity enddate is earlier than the validity end date of the public key of thecertification entity read in the certificates table.
 16. Themicrocircuit according to claim 13, further comprising means forincrementing a usage counter associated with each public key digestentered into the certificates table, every time that a digital signatureis checked using the public key, and means for deleting a public keydigest from the certificates table when the associated usage counter iszero and the number of empty locations in the certificates table is lessthan a predetermined threshold.
 17. The microcircuit according to claim16, further comprising means for updating a last usage date associatedwith each public key digest entered into the certificates table, everytime that a digital signature is checked using the public key, means fordeleting a public key digest from the certificates table when the numberof empty locations in the certificates table is less than apredetermined threshold, and means for selecting a digest of a publickey to be deleted as a function of the corresponding associated valuesof the usage counter and the last usage date.
 18. The microcircuitaccording to claim 12, further comprising means for executing apredefined hashing function to calculate the digest forms of the publickeys.
 19. The microcircuit according to claim 12, further comprisingmeans for inserting a root public key in the certificates table, using awrite processing controlled by a MAC calculated using a specific key inthe microcircuit and only known to an entity having issued themicrocircuit.
 20. The microcircuit according to claim 12, wherein themeans for calculating the digest of a public key memorized in thecertificates table comprise means for calculating a digest of the publickey associated with other information comprising the validity end dateof the public key, identity information and serial numbers, thisinformation being transmitted to the microcircuit every time that thesignature is checked using the public key.
 21. The microcircuitaccording to claim 12, wherein the means for calculating the digest of apublic key memorized in the certificates table comprise means forcalculating a digest of the certificate received by the microcircuitwhen the public key is inserted in the certificates table, thiscertificate being transmitted to the microcircuit every time that thesignature is checked using the public key.
 22. The microcircuitaccording to claim 12, wherein the memory means for storing thecertificates table is a secure memory area.